ประกาศ vBulletin Security Patch for vBulletin 4 Suite Only - 01/10/2012

A recent vBulletin 4 (Suite Only, all versions) report indicated that there is a potential permission exploit vector in the Blogs portion of the product. Once the cause of the issue was isolated, additional permissions checks were added to eliminate the reported threat.

The issue does not affect vBulletin 3.x, or vBulletin 4 Forum Classic. It affects only the Blogs product.

This patch has been issued for vBulletin versions 4.0.0 through 4.1.9. The code change has been included in 4.1.10, which will not need to be patched.

To improve the security of your vBulletin 4 Suite installation please download the patch from the members area of vBulletin: Please Log In
We recommend you install this security patch as soon as possible.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your web server, overwriting the existing files. There is no upgrade script required.

(Advanced users: file updated is /blog_post.php)

Please note that this issue and fix ONLY affects VBULLETIN SUITE. You may notice that vBulletin Forum Only Patch Level was incremented as well - you DO NOT have to patch or take any action for non-CMS sites.


More...